基于动态关联分析的网络安全风险评估方法
发布时间:2019-06-10 10:54
【摘要】:该文针对入侵检测系统(IDS)实时报警具有关联性的特点,对一定时间间隔内的报警事件进行动态关联分析,在此基础上提出一种实时的风险评估方法。首先,考虑到安防措施强度与节点漏洞对攻击执行结果的影响,提出了攻击成功率算法;其次,提出攻击威胁度算法,较好地区分了多步关联性攻击行为连续发生与多个孤立攻击行为单独发生之间的威胁度差异;最后利用各节点风险态势值加权计算系统整体的风险态势值,从而获得系统实时的风险态势曲线图。为了验证所提方法的有效性,搭建了攻击测试平台,实验结果表明该方法是科学的、有效的,能够提高评估结果准确度,为安全管理员及时改进安防策略提供了重要依据。
[Abstract]:In this paper, according to the characteristics of (IDS) real-time alarm in intrusion detection system, the dynamic correlation analysis of alarm events in a certain time interval is carried out, and a real-time risk assessment method is proposed. First of all, considering the influence of the strength of security measures and node vulnerabilities on the execution results of the attack, an attack success rate algorithm is proposed. Secondly, an attack threat degree algorithm is proposed to distinguish the threat degree between the continuous occurrence of multi-step relational attacks and the individual occurrence of multiple isolated attacks. Finally, the risk potential value of the whole system is weighted by using the risk potential value of each node, and the real-time risk situation curve of the system is obtained. In order to verify the effectiveness of the proposed method, an attack test platform is built. The experimental results show that the method is scientific and effective, can improve the accuracy of the evaluation results, and provides an important basis for security managers to improve the security strategy in time.
【作者单位】: 北京邮电大学信息安全中心;空军工程大学信息与导航学院;
【基金】:国家自然科学基金(61003285,61202082) 北京邮电大学青年科研创新计划专项人才培育项目(2012RC0218)资助课题
【分类号】:TP393.08
[Abstract]:In this paper, according to the characteristics of (IDS) real-time alarm in intrusion detection system, the dynamic correlation analysis of alarm events in a certain time interval is carried out, and a real-time risk assessment method is proposed. First of all, considering the influence of the strength of security measures and node vulnerabilities on the execution results of the attack, an attack success rate algorithm is proposed. Secondly, an attack threat degree algorithm is proposed to distinguish the threat degree between the continuous occurrence of multi-step relational attacks and the individual occurrence of multiple isolated attacks. Finally, the risk potential value of the whole system is weighted by using the risk potential value of each node, and the real-time risk situation curve of the system is obtained. In order to verify the effectiveness of the proposed method, an attack test platform is built. The experimental results show that the method is scientific and effective, can improve the accuracy of the evaluation results, and provides an important basis for security managers to improve the security strategy in time.
【作者单位】: 北京邮电大学信息安全中心;空军工程大学信息与导航学院;
【基金】:国家自然科学基金(61003285,61202082) 北京邮电大学青年科研创新计划专项人才培育项目(2012RC0218)资助课题
【分类号】:TP393.08
【参考文献】
相关期刊论文 前5条
1 刘刚;李千目;张宏;;信度向量正交投影分解的网络安全风险评估方法[J];电子与信息学报;2012年08期
2 陈锋;刘德辉;张怡;苏金树;;基于威胁传播模型的层次化网络安全评估方法[J];计算机研究与发展;2011年06期
3 李斌;谢丰;陈钟;;一种面向业务的风险评估模型[J];计算机研究与发展;2011年09期
4 刘志杰;王崇骏;;一个基于复合攻击路径图的报警关联算法[J];南京大学学报(自然科学版);2010年01期
5 陈秀真;郑庆华;管晓宏;林晨光;;层次化网络安全威胁态势量化评估方法[J];软件学报;2006年04期
【共引文献】
相关期刊论文 前10条
1 诸葛涛;;校园网网络事件源定位技术研究[J];信息安全与技术;2011年Z1期
2 李宝s,
本文编号:2496411
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2496411.html
